HPE Aruba Networking (previously Aruba Networks) has released security updates to deal with critical flaws impacting ArubaOS that could consequence in distant code execution (RCE) on affected techniques.
Of the 10 security problems, 4 are rated critical in severity –
- CVE-2024-26304 (CVSS rating: 9.8) – Unauthenticated Buffer Overflow Vulnerability in the L2/L3 Management Company Accessed by way of the PAPI Protocol
- CVE-2024-26305 (CVSS score: 9.8) – Unauthenticated Buffer Overflow Vulnerability in the Utility Daemon Accessed through the PAPI Protocol
- CVE-2024-33511 (CVSS rating: 9.8) – Unauthenticated Buffer Overflow Vulnerability in the Automated Reporting Assistance Accessed by means of the PAPI Protocol
- CVE-2024-33512 (CVSS score: 9.8) – Unauthenticated Buffer Overflow Vulnerability in the Local User Authentication Database Accessed by using the PAPI Protocol
A risk actor could exploit the aforementioned buffer overflow bugs by sending specifically crafted packets destined to the Process Application Programming Interface (PAPI) UDP port (8211), therefore getting the capability to execute arbitrary code as a privileged consumer on the underlying functioning method.
Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).
➤ Get Mullvad VPN with 12% Discount
The vulnerabilities, which effects Mobility Conductor (previously Mobility Learn), Mobility Controllers, and WLAN Gateways and SD-WAN Gateways managed by Aruba Central, are current in the adhering to program versions –
- ArubaOS 10.5.1. and below
- ArubaOS 10.4.1. and down below
- ArubaOS 8.11.2.1 and down below, and
- ArubaOS 8.10..10 and down below
They also affect the ArubaOS and SD-WAN program versions that have arrived at close of servicing status –
- ArubaOS 10.3.x.x
- ArubaOS 8.9.x.x
- ArubaOS 8.8.x.x
- ArubaOS 8.7.x.x
- ArubaOS 8.6.x.x
- ArubaOS 6.5.4.x
- SD-WAN 8.7..-2.3..x, and
- SD-WAN 8.6..4-2.2.x.x
A security researcher named Chancen has been credited with identifying and reporting seven of the 10 issues, together with the four critical buffer overflow vulnerabilities.
Customers are advised to utilize the most up-to-date fixes to mitigate opportunity threats. As momentary workarounds for ArubaOS 8.x, the enterprise is recommending that consumers empower the Enhanced PAPI Security aspect employing a non-default crucial.
Observed this article interesting? Follow us on Twitter and LinkedIn to browse much more exceptional content we put up.
Some areas of this post are sourced from:
thehackernews.com
Popular Android Apps Like Xiaomi, WPS Office Vulnerable to File Overwrite Flaw